Hi,
I'm using the preconfigured firewall that comes with CentOS 5. I configure it with system-config-securitylevel-tui, close all ports except SSH, and then open only the ones I need.
Right now, on one of my desktops, I've installed AMSN, which requires opening a series of ports. I've configured the app to use ports 7000 to 7010 (TCP and UDP). When running system-config-securitylevel-tui, the last line allows defining custom ports that are not mentioned elsewhere in the menu. So, for example, when I want to add port 6891 for tcp and udp, I write an entry like this:
6891:tcp 6891:udp
But what's the syntax for several ports? I tried this:
7000-7010:tcp 7000-7010:udp
And then, 'service iptables status' gives me this:
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4662
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4672
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp pts:7000:7010
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp pts:7000:7010
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
15 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Does that mean that I have opened ports 7000 to 7010? Or only ports 7000 and 7010? I'm not quite sure how to read this.
Cheers,
Niki
On 14/03/2008, Niki Kovacs contact@kikinovak.net wrote:
Does that mean that I have opened ports 7000 to 7010? Or only ports 7000 and 7010? I'm not quite sure how to read this.
Could you use something like nmap to check the open ports?
Alan.
On Fri, 14 Mar 2008 17:32:08 +0100 Niki Kovacs contact@kikinovak.net took out a #2 pencil and scribbled:
Hi,
I'm using the preconfigured firewall that comes with CentOS 5. I configure it with system-config-securitylevel-tui, close all ports except SSH, and then open only the ones I need.
Right now, on one of my desktops, I've installed AMSN, which requires opening a series of ports. I've configured the app to use ports 7000 to 7010 (TCP and UDP). When running system-config-securitylevel-tui, the last line allows defining custom ports that are not mentioned elsewhere in the menu. So, for example, when I want to add port 6891 for tcp and udp, I write an entry like this:
6891:tcp 6891:udp
But what's the syntax for several ports? I tried this:
7000-7010:tcp 7000-7010:udp
And then, 'service iptables status' gives me this:
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4662
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4672
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp pts:7000:7010
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp pts:7000:7010
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
15 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Does that mean that I have opened ports 7000 to 7010? Or only ports 7000 and 7010? I'm not quite sure how to read this.
Cheers,
Niki
It means you've opened 7000 through to 7010 for udp and tcp.
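An added example, not part of the thread or of any CentOS tool: a short Python parser for the listing quoted above that reports which rule decides a new connection to a given protocol and port. It assumes the numbered `iptables -L -n` layout shown in the thread, first-match rule order, and that `dpt:N` is one port while `dpts:LOW:HIGH` (spelled `pts:` in the quoted listing) is an inclusive range; the names `parse_rules` and `verdict` are hypothetical.

```python
import re

# Rows 10-15 of the 'service iptables status' output quoted in the thread,
# one rule per line.
LISTING = """\
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4662
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4672
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp pts:7000:7010
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp pts:7000:7010
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
15 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

# Columns: num, target, prot, opt ("--"), source, destination, then the matches.
RULE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+--\s+\S+\s+\S+(.*)$")
# dpt:N is one destination port; dpts:LOW:HIGH is an inclusive range.
# Assumption: the thread's 'pts:' token is the same range match, so 'd' is optional.
PORTS = re.compile(r"(?<!\S)d?pts?:(\d+)(?::(\d+))?")


def parse_rules(listing):
    """Return (num, target, proto, low_port, high_port) for each rule line."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # chain headers, column titles, blank lines
        num, target, proto, rest = m.groups()
        p = PORTS.search(rest)
        if p:
            low = int(p.group(1))
            high = int(p.group(2) or low)  # single port: low == high
        else:
            low, high = 0, 65535           # no port match: rule covers every port
        rules.append((int(num), target, proto, low, high))
    return rules


def verdict(rules, proto, port):
    """First matching rule wins, as in the kernel; models NEW connections only."""
    for num, target, rule_proto, low, high in rules:
        if rule_proto in ("all", proto) and low <= port <= high:
            return num, target
    return None, "chain policy"
```

Here `verdict(parse_rules(LISTING), "tcp", 7005)` is decided by rule 12, while TCP port 7011 falls through to the REJECT in rule 15.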
On Friday 14 March 2008 12:32, Niki Kovacs wrote:
Right now, on one of my desktops, I've installed AMSN, which requires opening a series of ports. I've configured the app to use ports 7000 to 7010 (TCP and UDP). When running system-config-securitylevel-tui, the last line allows defining custom ports that are not mentioned elsewhere in the menu. So, for example, when I want to add port 6891 for tcp and udp, I write an entry like this:
Check out this site. It's a tutorial for IPTables.
http://iptables.rlworkman.net/chunkyhtml/index.html
Robert Spangler a écrit :
Check out this site. It's a tutorial for IPTables.
Funny you send me this link. I know Robbie Workman as an ex-fellow Slackware user.
And I also know some basic iptables (no system-config-* in Slackware :oD). My question was more about the syntax of the integrated Firewall tool that ships with CentOS.
Cheers,
Niki
On Saturday 15 March 2008 01:14, Niki Kovacs wrote:
Check out this site. It's a tutorial for IPTables.
Funny you send me this link. I know Robbie Workman as an ex-fellow Slackware user.
And I also know some basic iptables (no system-config-* in Slackware
:oD). My question was more about the syntax of the integrated Firewall
tool that ships with CentOS.
Correct. My thought was to show you how to use the CLI and get away from the GUIs. You have more control over the firewall this way. That's just my $.02.